From bb044030c6e2965634b23e4e42676dd6790625e3 Mon Sep 17 00:00:00 2001
From: Shubham Chaudhary <shubham.chaudhary@mayadata.io>
Date: Thu, 9 Apr 2020 16:34:54 +0530
Subject: [PATCH] refactor(powerfulseal): Adding separate rbac for powerfulseal
 LIB (#202)

Signed-off-by: shubhamchaudhary <shubham.chaudhary@mayadata.io>
---
 .../generic/pod-delete/powerfulseal_rbac.yaml | 38 +++++++++++++++++++
 charts/generic/pod-delete/rbac.yaml           |  5 +--
 2 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 charts/generic/pod-delete/powerfulseal_rbac.yaml

diff --git a/charts/generic/pod-delete/powerfulseal_rbac.yaml b/charts/generic/pod-delete/powerfulseal_rbac.yaml
new file mode 100644
index 0000000..911f211
--- /dev/null
+++ b/charts/generic/pod-delete/powerfulseal_rbac.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pod-delete-sa
+  namespace: default
+  labels:
+    name: pod-delete-sa
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: pod-delete-sa
+  labels:
+    name: pod-delete-sa
+rules:
+- apiGroups: ["","litmuschaos.io","batch","apps"]
+  resources: ["pods","deployments","pods/log","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
+  verbs: ["create","list","get","patch","update","delete"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get","list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: pod-delete-sa
+  labels:
+    name: pod-delete-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: pod-delete-sa
+subjects:
+- kind: ServiceAccount
+  name: pod-delete-sa
+  namespace: default
+
diff --git a/charts/generic/pod-delete/rbac.yaml b/charts/generic/pod-delete/rbac.yaml
index 0b49796..e9a820b 100644
--- a/charts/generic/pod-delete/rbac.yaml
+++ b/charts/generic/pod-delete/rbac.yaml
@@ -16,11 +16,8 @@ metadata:
     name: pod-delete-sa
 rules:
 - apiGroups: ["","litmuschaos.io","batch","apps"]
-  resources: ["pods","deployments","pods/log","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
+  resources: ["pods","deployments","pods/log","events","jobs","chaosengines","chaosexperiments","chaosresults"]
   verbs: ["create","list","get","patch","update","delete"]
-- apiGroups: [""]
-  resources: ["nodes"]
-  verbs: ["get","list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding